Re: [dns-privacy] [Ext] Security Considerations: Traffic Analysis
"Hollenbeck, Scott" <shollenbeck@verisign.com> Mon, 16 August 2021 14:51 UTC
Return-Path: <shollenbeck@verisign.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 902EE3A1870 for <dns-privacy@ietfa.amsl.com>; Mon, 16 Aug 2021 07:51:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EU_Xpphlb-41 for <dns-privacy@ietfa.amsl.com>; Mon, 16 Aug 2021 07:51:18 -0700 (PDT)
Received: from mail5.verisign.com (mail5.verisign.com [69.58.187.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 080563A186A for <dprive@ietf.org>; Mon, 16 Aug 2021 07:51:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=6864; q=dns/txt; s=VRSN; t=1629125478; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=VbGhD6i2dIbMt6oE6eqOlsfv4INOtkDHQIsspwk5Vy4=; b=BKeXnGFCwX8YSqbEjQO69TukdPOdFQfNDKOpZDYtkL4jfjDXLcdws9nL jq6PCAXo+rTPeT4in/bTndKmgXXGkQMEtmASH2AfJZcFa0eah1js16YAJ uy6HN7CkAn+JIBPAQL9mKCvo3zbKsOnJV1dnhO5cg49zsJOzZJVMMCr/N OKgCAj/L28aaVs1dOcmAXd1thzr6YBXYT1+2/6F0/dAqhUxiv9JiGcXBI JPlrApehqMPNRBumiY1ZENMV/CZTx7GZ9OdULvN+TwlBl5pzl48lJ462W 4gxHXriXy8ftifo8hBIo3b8fM8LvRn2CqmWg2BbHhAujR1SLOJ10NE7pR A==;
IronPort-SDR: rznyGynuwGIeLi/7trgdovPTwa0BFHmJzQG+9/JNGKnQvutQrZ2rkIdLIKpX/78yEEWiHnA0k3 WzD/8Ua3MTf+FXGm1MElN0rRpsPS3vVrhSBRbnrxtlrYcDkP8VdP4HjY1o/on5m2Waeq1ueJTn fDhqcnXRu+vj8ydOuoPQsj4QOPrH1c4ix7yqPnfBeRZGi+FwpM71JHylDvkBYf1+XoS2f3wyiL igaorNSK/XeLn7nnHF8UkSng8DQPmX7cgfLRZa3fQBdYze7DBk5BGPjzFtWMQwCO7mtJ3pEzHt 8ms=
IronPort-HdrOrdr: A9a23:F0r/kqEpkprjXCHZpLqENceALOsnbusQ8zAXPidKOHlom62j5q KTdZsgtSMc5Ax+ZJhCo7+90cC7KBvhHPVOkOos1NmZPTXOiS+HIIZv9oP+zzClMD2WzIJg/J YlV6RlEtX/ARxZgdaS2mOFOudl5NWc6qiniaPl0nF3QWhRBp1I9QtjFQqBKEFwSTRHAZZRLv Gh2vY=
X-IronPort-AV: E=Sophos;i="5.84,326,1620705600"; d="scan'208";a="8939180"
Received: from BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Mon, 16 Aug 2021 10:51:15 -0400
Received: from BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde]) by BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde%4]) with mapi id 15.01.2308.008; Mon, 16 Aug 2021 10:51:15 -0400
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "paul.hoffman@icann.org" <paul.hoffman@icann.org>
CC: "dprive@ietf.org" <dprive@ietf.org>
Thread-Topic: [Ext] [dns-privacy] Security Considerations: Traffic Analysis
Thread-Index: AdeSlga+jApWtBQ/RqOdFIqCjVWIHwATlWWAAA3nteA=
Date: Mon, 16 Aug 2021 14:51:15 +0000
Message-ID: <3ce2f0a061214776b829469c5feeee0f@verisign.com>
References: <b7bdb0aded484ffc86a7ab58ab9115a8@verisign.com> <6B093849-B681-40CD-BBFB-4A97D6057E3C@icann.org>
In-Reply-To: <6B093849-B681-40CD-BBFB-4A97D6057E3C@icann.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/bqpOrVIH48GhAa_glmN37YPA3U8>
Subject: Re: [dns-privacy] [Ext] Security Considerations: Traffic Analysis
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2021 14:51:25 -0000
> -----Original Message----- > From: Paul Hoffman <paul.hoffman@icann.org> > Sent: Monday, August 16, 2021 10:19 AM > To: Hollenbeck, Scott <shollenbeck@verisign.com> > Cc: dprive@ietf.org > Subject: [EXTERNAL] Re: [Ext] [dns-privacy] Security Considerations: Traffic > Analysis > > On Aug 16, 2021, at 5:14 AM, Hollenbeck, Scott > <shollenbeck=40verisign.com@dmarc.ietf.org> wrote: > > > > The iterative nature of recursive resolution gives an on-path monitor > multiple opportunities to observe query traffic between a recursive resolver > and an authoritative name server. Even with encryption, the name server IP > addresses can be used to draw accurate conclusions about qnames by > matching IP addresses to name servers identified in publicly available zones. > This is something that needs to be addressed in the Security Considerations > section of any draft that describes a recursive-to-authoritative encryption > solution. > > > > draft-ietf-dprive-dnsoquic addresses traffic analysis, but draft-ietf-dprive- > unauth-to-authoritative does not. draft-rescorla-dprive-adox-latest > addresses it somewhat. I'd like to suggest that text like this (or something > similar) be added to draft-ietf-dprive-unauth-to-authoritative and draft- > rescorla-dprive-adox-latest: > > > > > > BEGIN > > Encryption is one of several controls that can reduce the risk of > > disclosure of sensitive information. Resolver-to-authoritative DNS > encryption will protect the DNS traffic exchanged between the resolver and > the authoritative name server from being directly observed and/or modified > by an adversary. However, as in other systems where encryption is > deployed, implementers should also consider other ways in which the same > or related information may also be exposed, and how to mitigate those risks. > For example, encryption provides confidentiality protection for DNS query > and response payloads between recursive resolvers and authoritative name > servers, but iterative resolution makes it possible to perform traffic analysis > using other, non-encrypted information that can be observed in subsequent > iteration steps. The names and IP addresses of the name servers for most > DNS zones are publicly available, so an attacker that can monitor traffic > exchanged between a resolver and an authoritative n ame server will often > be able to identify the zone of interest based on the IP address of the > authoritative name server. Iterative resolution using destination IP addresses > that were encrypted in a previous query makes it possible to identify the set > of domains that might be associated with a query by observing the > destination IP address and comparing that to the addresses and names > found in publicly-available zone files. This risk can be reduced by limiting the > number of queries sent to authoritative name servers using techniques such > as hyperlocal root processing [RFC7706], NXDOMAIN cut processing > [RFC8020], and aggressive DNSSEC caching [RFC8198]. > > > > The size of encrypted query and response packets can also be used to > detect query patterns. The set of name servers and IP addresses returned in > a response to a query changes infrequently, so the size of the DNS response > for a specific set of name servers tends to stay the same during a given time > period. The size of responses can be monitored to observe patterns > associated with responses from specific name servers, and this information > can be used to identify queries for specific domain names. This risk can be > reduced by padding the record payload of TLS-protected responses to > eliminate response size variability. > > > > Additional traffic analysis considerations are described in a paper titled > "Encrypted DNS =⇒ Privacy? A Traffic Analysis Perspective" [1]. > > > > [1] > > https://secure- > web.cisco.com/1BnLOTztjAEEKsTmNTQ12s7CJTbafBHe2ULMhaC1Z > > pPluwYnbvLJZjTfUJiuCogPIu- > CmzqUwtazRCiChJfxqCkIQJjG9KIcwFnFC89CHAAB-7w > > KRGczojrlT43PRxGTtxnmneycEX6VYcQ4afNDxMmSl0aVh- > a30oKKtS3pXXyKT_NlmS5Ul > > S483kVZJq_cAUtePhPFHfy8fGP7NZun64UE- > yAI8E1BcuhX7O89L28xy1jIB0eRBTv-1e1 > > yIsZgo/https%3A%2F%2Fwww.ndss-symposium.org%2Fwp- > content%2Fuploads%2F2 > > 020%2F02%2F24301-paper.pdf > > END > > This seems misplaced. The act of encrypting recursive to authoritative does > not add any more considerations for "other ways in which the same or > related information may also be exposed, and how to mitigate those risks". > Instead of listing just a few privacy considerations, wouldn't it be better to > have the reader go to the more complete list in RFC 8932 and RFC 9076? [SAH] The act of encrypting may mislead someone into thinking that their confidentiality concerns have been completely addressed. In lieu of the text I proposed, yes, references to RFCs such as 8932 and 9076 could help make it clear that privacy considerations remain even if encryption is used. Scott
- [dns-privacy] Security Considerations: Traffic An… Hollenbeck, Scott
- Re: [dns-privacy] Security Considerations: Traffi… Paul Wouters
- Re: [dns-privacy] Security Considerations: Traffi… Hollenbeck, Scott
- Re: [dns-privacy] [Ext] Security Considerations: … Paul Hoffman
- Re: [dns-privacy] [Ext] Security Considerations: … Hollenbeck, Scott
- Re: [dns-privacy] [Ext] Security Considerations: … Paul Hoffman
- Re: [dns-privacy] [Ext] Security Considerations: … Hollenbeck, Scott
- Re: [dns-privacy] [Ext] Security Considerations: … Paul Wouters
- Re: [dns-privacy] [Ext] Security Considerations: … Hollenbeck, Scott